https service
how to add https service in linux trough ssh client ?? is it https and the http is the same protocol ??
|
Hi ameii83,
Https is http-secure it does not need ssh to tunnel through or anything of that sort. Have your apache server installed and you get https and http working automatically. The folder containing html files is httpdocs and folder https contains html files for https protocol. Have fun |
let i go through with my problem..i have succesful installed the apache server, the http is working well but the https get the problem. The problem is, if i try to surf my website that are using https..it reply "the connection was refused".What i should do ?
thanks for reply |
Just some questions to answer your question.
Firewall settings on your server? Did you generate keys and certificates, sign them and place them in the correct directories? Is mod_ssl.conf correctly configured? Do you start apache with SSL support? Check apache log file |
hii ..again
before this..i detect my firewall has block the https port 433..so i have open it..so it can get through over it. The problem is.. it come out with apache test page..not exactly the website. What i should do? Is there anything problem with https ?? |
Hi ameii83,
No, there is no problem with apache https. Have you copied all content from httpdocs to httpsdocs? If so it should show your web site. Tell me what happens |
i have cpy all the file to the var/www..but the website is never come out!!Is there anything problem with httpd.conf configuration ??
|
Please post the whole path (/var/www.. is not enough in this case). Is the problem with https? If so, there's a DocumentRoot in the file mod_ssl.conf. Does it indicate the correct directory?
|
thanks all guy..i have fix them all...dont worry ..if i have the time i will describe all the process..
thank to all |
Hello Ameii83,
If you really have got rid over your problem, please post how. This will be helpful for the people who may get into the same problem in future. I hope you'll understand.;) |
Hi Ameii83,
Why dont you post the step by step process of "how to enable https on apache"?? That could helpfull to the others. thanks in advance. -Ganesh |
the https solution
:D the solution is in the httpd.conf in virtual host section. please see the sample configuration of httpd.conf below
------------------------------------------------------------------- NameVirtualHost *:443 # # NOTE: NameVirtualHost cannot be used without a port specifier # (e.g. :80) if mod_ssl is being used, due to the nature of the # SSL protocol. # # # VirtualHost example: # Almost any Apache directive may go into a VirtualHost container. # The first VirtualHost section is used for requests without a known # server name. # #<VirtualHost *:80> # ServerAdmin webmaster@dummy-host.example.com # DocumentRoot /www/docs/dummy-host.example.com # ServerName dummy-host.example.com # ErrorLog logs/dummy-host.example.com-error_log # CustomLog logs/dummy-host.example.com-access_log common #</VirtualHost> <VirtualHost *:443> ServerAdmin xxxx@xxx.xxx DocumentRoot /var/www/html/example ServerName xxxxx.xxxxx.xxx.xx # ErrorLog logs/dummy-host.example.com-error_log # CustomLog logs/dummy-host.example.com-access_log common </VirtualHost> ----------------------------------------------------------------------- Just change the http= "80" to https ="443" port. |
As I did the same exercise a couple of weeks ago, I feel that some info is missing (like the location of keys and certificates). Are you sure that that was all that you did to get it working?
Below the story for a Slackware 10.1 box. It's not said that I did it in a better way, but the instructions might be more complete. It's based on information in Julie C. Melonie’s book ‘Teach yourself PHP, MySQL and Apache All in One’ (ISBN 0-672-32620-5). Generating certificate Step 1 Generate (private) key Code:
root@btd-techweb01:~# /usr/bin/openssl genrsa -rand /dev/urandom -out btd-techweb01.key 1024 Step 2 Generate certificate signing request Once a key file is generated, a Certificate Signing Request (CSR) can be generated. Code:
root@btd-techweb01:~# /usr/bin/openssl req -new -key btd-techweb01.key -out btd-techweb01.csr The request can now be send to a Certified Authority (CA) to be signed. Examples of CAs are Thawte and Verisign. As this is a server on the intranet, we will sign it ourselves. Code:
root@btd-techweb01:~# /usr/bin/openssl x509 -req -days 30 -in btd-techweb01.csr -signkey btd-techweb01.key -out btd-techweb01.cert Step 1 Copy files We now have a certificate. It needs to be copied to the directory /etc/apache/ssl.crt and for security we will make it readable for root only. Code:
root@btd-techweb01:~# cp btd-techweb01.cert /etc/apache/ssl.crt Code:
root@btd-techweb01:~# cp btd-techweb01.key /etc/apache/ssl.key Code:
root@btd-techweb01:~# cp btd-techweb01.csr /etc/apache/ssl.csr Code:
#WimS; we have cert extension, not crt Code:
# General setup for the virtual host Code:
<IfDefine SSL> Step 3 Modify httpd.conf Last step before we can restart the server is to modify httpd.conf and include mod_ssl.conf. Code:
# ==> mod_ssl configuration settings <== Apache can be compiled with or without SSL support. In the Slackware 10.1 distro, both versions are available and by default the correct one will be started. With a default Slackware 10.1 installation, the httpd is started from /etc/rc.d/rc.httpd. To make sure that it starts with ssl, the start option needs to be modified. Code:
'start') |
please correct me..if i was mistake
you can apply the sll certificed if u want to.. so it can match with ur domain (to have a better secure)-- i think. But in my case.. i only used the default ssl certificed. |
Did not say that you were mistaken; neither I wanted to imply that you were wrong. If it works, you basically did not do anything wrong.
I only felt that some stuff was missing (because, as said, I went through the same exercise recently and did different things). i.e. I did not see a reference to the certificate in your httpd.conf, and that surprised me. Only thing with regards to standard certificate that you use might be that anybody who uses your distro as well and uses the same standard certificate, will have the same certificate. In a home situation not an issue, but on the web it is. |
All times are GMT -5. The time now is 04:28 PM. |